Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Defending APIs
  • Table Of Contents Toc
  • Feedback & Rating feedback
Defending APIs

Defending APIs

By : Colin Domoney
4.3 (10)
close
close
Defending APIs

Defending APIs

4.3 (10)
By: Colin Domoney

Overview of this book

Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges. The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios. Guided by clear step-by-step instructions, you’ll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you’re learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up. By the end of this book, you’ll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.
Table of Contents (19 chapters)
close
close
1
Part 1: Foundations of API Security
6
Part 2: Attacking APIs
10
Part 3: Defending APIs

Understanding HTTP fundamentals

APIs are built on top of the Hypertext Transfer Protocol (HTTP), which in turn uses the Transport Control Protocol (TCP) as a transport layer providing guaranteed error-free data delivery. HTTP was originally designed for the transfer of hypertext documents (such as HTML files) but has been adapted for many other uses due to its ubiquity across systems and because it is generally accessible through firewalls and routers, avoiding the use of custom ports or protocols.

HTTP comprises a few core elements, which we will discuss in the following sections.

Uniform Resource Locator

The Uniform Resource Locator (URL) is the address of a resource (file, JSON record, image, etc.) on the internet. URLs are unique (can only reference a single resource) and are fully qualified (meaning they can be resolved to the resource location without ambiguity).

The generic form of a URL is shown here:

scheme://host[:port]/path[?query-string][#fragment-id]

The...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY